Online bankers face double layer of security

Page Tools

Internet banking customers will be required to use mobile phones
or carry plastic tokens to log into their accounts as banks tighten
up security for online services.

The chief executive of the Australian Bankers' Association,
David Bell, said an industry standard requiring all banks to use
two methods of identifying internet customers would be introduced
later this year. Internet fraud was costing Australian banks more
than $25 million a year in losses, he said. Under the standard,
each bank will choose its own method of secondary identification,
which Mr Bell said would be based on "something customers have", as
distinct from "something they know".

Research by the bankers' group has found that customers do not
want to use biometric devices that involve physical contact, such
as fingerprints, because of privacy concerns.

Banks are testing systems that send text messages to customers
when they first enter a bank's website. The message contains an
extra number that is needed to complete the transaction.

Last year, Bendigo Bank began testing security tokens that fit
on a key ring and will soon make the system mandatory. About 20 per
cent of its internet banking clients now use the devices, which
they must buy. A standard token, costing $16.50, has an internal
clock that generates random numbers, recognised as unique to that
customer by Bendigo's computer system. On each transaction, the
customer must type the number into their computer within a time
limit. A premium model of the token, for office use, costs $99.

Once activated, the tokens must be used every time a customer
banks online. "It is a very tiny inconvenience," a Bendigo Bank
spokesman said. "When you leave the car, you take a few seconds to
lock it."

A spokeswoman for the Australian Consumers' Association, Lisa
Tait, said banks should not be charging customers for security
devices and they should also provide updated anti-virus software
free of charge.

"Online banking is cheap for banks," she said. "After all, going
into a branch is more secure."

The use of text messaging raised its own security issues. "What
if someone steals your phone?" Ms Tait asked.

The Australian Federal Police Commissioner, Mick Keelty, said 8
million Australians regularly used internet banking. Although the
online banking system in Australia had never been subjected to a
major hacking attack, customers were being targeted by "phishing"
email scams, trojans and key loggers. These are all methods used by
online criminals to steal users' passwords.

The consumers' association said the banks placed too much onus
on customers to protect themselves when high-technology scams were
becoming increasingly sophisticated.